Yattan Bibi, scrubber of floors and cleaner of dishes (other people’s), has spent the past six months visiting a number of government departments, bank offices and “camps” in different schools. All this to get her identity proven—again and again. It’s a bureaucratic obstacle race that’s tired her out but the hope of getting some kind of dole “for my old age when my limbs get weak” keeps this unlettered woman stubbornly on the paper chase. Most of the time she has no clue quite what is expected of her, much less why.

In recent weeks, armed with her tattered ration card and an old bank passbook which are her most prized assets, Yattan Bibi has piled up an impressive number of documents. Thanks to her ration card she has got an aadhaar number, which is software czar Nandan Nilekani’s “gift” of a unique identity to the millions he says have been left out of the system because they have no documents to prove who they are. The unique 12-digit number is not an open sesame however. It did not help Yattan Bibi open a special public sector bank account for pension of Rs 600 a month under the Delhi government’s Dilli Annshree Yojana. The bank says aadhaar is not a valid proof of residence. It has, instead, asked for a voter ID card or a permanent account number (PAN) card to prove her bonafides.

As different arms of the government work on parallel lines, unnecessary complexities are being created. Officially, aadhaar registration is voluntary but it is implicitly compulsory since there is the threat of denial of services. Enrolment with the National Population Register (NPR), on the other hand is mandatory, and C Chandramouli, Registrar General and Census Commissioner of India, who runs NPR has sent out a warning that the time for filling in the Know Your Resident Plus (KYR+) form is running out. The KYR+ will, eventually, result in the ultimate proof of identity, a citizenship card with the aadhaar number on it. Or so we are promised.

Between the seemingly lax aadhaar of the Unique Identification Authority of India (UIDAI) and the stricter KYR+ of NPR, which comes under the Ministry of Home Affairs, is a messy universe of verification and authentication that is complicating the lives of the poor, with no guarantee of the much promised “social inclusion” at the end of it all. If anything, Down To Earth’s investigations have shown that the Unique Identification (UID) programme is as prone to being a tool of exclusion as it is of ensuring the benefits of welfare schemes (see ‘Unique identity crisis’, Down To Earth, May 1-15, 2012). Across the country, workers are being denied their wages because authentication machines fail to match their fingerprints with the UIDAI database. Forget the iris scans because we don’t have the money for such sophisticated machines. Above all is the overarching question of safety and likely misuse of data.

Recently, data of 300,000 applicants containing PAN and biometric information was lost while being uploaded from Mumbai to the UIDAI server in Bengaluru because a hard disk of the Maharashtra government’s IT department crashed. Shocking, said many commentators. But what of the many instances that have come to light of laptops with such data that have gone missing? In spite of the frequency of such data disasters, privacy concerns are being dismissed as elitist. Such questions, goes the official argument, ignore the ground realities of India where millions desperately need an identity of some kind to be part of the system. Yet, in March, the Bombay High Court directed UIDAI and the Union government to respond within three months to a public interest litigation questioning the lack of safeguards in aadhaar.

Now comes an even more troubling disclosure. Legal expert Usha Ramanathan who has been studying the policy and practices of Nilekani’s UIDAI over the past five years, warns that the authority will be a business entity governed by the Companies Act. It is not bound by a law that will recognise the fiduciary role of the state, she warns. In that role, government does not own data.

As Ramanathan explains it, the framework for ownership of data was set out by Nilekani in the Technology Advisory Group for Unique Projects which he chaired. This group suggested the setting up of National Information Utilities (NIUs) to manage government’s databases through the creation of NIUs which will then “own” the data as private companies with a public purpose. But essentially profit-making would be their goal. While the government would have “strategic control”, NIUs would be at least 51 per cent owned privately. In other words, the data would be privatised after the operations of NIUs are stabilised (with state funding and support, of course). Thereafter, the government would become a “paying customer” whereas NIUs would be “essentially set up as natural monopolies”. How do we deal with such a chilling scenario in a country that has no privacy laws or data protection regulations?